cloudposse · osterman · Jul 15, 2020 · Apr 24, 2020 · Jul 15, 2020
diff --git a/README.md b/README.md
@@ -217,6 +217,7 @@ Available targets:
 | cidr\_block | Base CIDR block which will be divided into subnet CIDR blocks (e.g. `10.0.0.0/16`) | `string` | n/a | yes |
 | context | Default context to use for passing state between label invocations | <pre>object({<br>    namespace           = string<br>    environment         = string<br>    stage               = string<br>    name                = string<br>    enabled             = bool<br>    delimiter           = string<br>    attributes          = list(string)<br>    label_order         = list(string)<br>    tags                = map(string)<br>    additional_tag_map  = map(string)<br>    regex_replace_chars = string<br>  })</pre> | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": "",<br>  "enabled": true,<br>  "environment": "",<br>  "label_order": [],<br>  "name": "",<br>  "namespace": "",<br>  "regex_replace_chars": "",<br>  "stage": "",<br>  "tags": {}<br>}</pre> | no |
 | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no |
+| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no |
 | environment | The environment name if not using stage | `string` | `""` | no |
 | igw\_id | Internet Gateway ID the public route table will point to (e.g. `igw-9c26a123`) | `string` | n/a | yes |
 | label\_order | The naming order of the ID output and Name tag | `list(string)` | `[]` | no |

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -24,6 +24,7 @@
 | cidr\_block | Base CIDR block which will be divided into subnet CIDR blocks (e.g. `10.0.0.0/16`) | `string` | n/a | yes |
 | context | Default context to use for passing state between label invocations | <pre>object({<br>    namespace           = string<br>    environment         = string<br>    stage               = string<br>    name                = string<br>    enabled             = bool<br>    delimiter           = string<br>    attributes          = list(string)<br>    label_order         = list(string)<br>    tags                = map(string)<br>    additional_tag_map  = map(string)<br>    regex_replace_chars = string<br>  })</pre> | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": "",<br>  "enabled": true,<br>  "environment": "",<br>  "label_order": [],<br>  "name": "",<br>  "namespace": "",<br>  "regex_replace_chars": "",<br>  "stage": "",<br>  "tags": {}<br>}</pre> | no |
 | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no |
+| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no |
 | environment | The environment name if not using stage | `string` | `""` | no |
 | igw\_id | Internet Gateway ID the public route table will point to (e.g. `igw-9c26a123`) | `string` | n/a | yes |
 | label\_order | The naming order of the ID output and Name tag | `list(string)` | `[]` | no |

diff --git a/label.tf b/label.tf
@@ -11,6 +11,7 @@ module "label" {
   regex_replace_chars = var.regex_replace_chars
   label_order         = var.label_order
   context             = var.context
+  enabled             = var.enabled
 }
 
 variable "additional_tag_map" {

diff --git a/main.tf b/main.tf
@@ -1,7 +1,14 @@
 # Get object aws_vpc by vpc_id
 data "aws_vpc" "default" {
-  id = var.vpc_id
+  count = var.enabled ? 1 : 0
+  id    = var.vpc_id
 }
 
 data "aws_availability_zones" "available" {
+  count = var.enabled ? 1 : 0
+}
+
+locals {
+  availability_zones_count = var.enabled ? length(var.availability_zones) : 0
+  enabled                  = var.enabled ? 1 : 0
 }
diff --git a/nat-gateway.tf b/nat-gateway.tf
@@ -5,7 +5,7 @@ module "nat_label" {
 }
 
 locals {
-  nat_gateways_count = var.nat_gateway_enabled ? length(var.availability_zones) : 0
+  nat_gateways_count = var.enabled && var.nat_gateway_enabled ? local.availability_zones_count : 0
 }
 
 resource "aws_eip" "default" {

diff --git a/nat-instance.tf b/nat-instance.tf
@@ -5,20 +5,21 @@ module "nat_instance_label" {
 }
 
 locals {
-  nat_instance_count = var.nat_instance_enabled ? length(var.availability_zones) : 0
-  cidr_block         = var.cidr_block != "" ? var.cidr_block : data.aws_vpc.default.cidr_block
+  nat_instance_count   = var.enabled && var.nat_instance_enabled ? local.availability_zones_count : 0
+  cidr_block           = var.cidr_block != "" ? var.cidr_block : join("", data.aws_vpc.default.*.cidr_block)
+  nat_instance_enabled = var.enabled && var.nat_instance_enabled ? 1 : 0
 }
 
 resource "aws_security_group" "nat_instance" {
-  count       = var.nat_instance_enabled ? 1 : 0
+  count       = local.nat_instance_enabled
   name        = module.nat_instance_label.id
   description = "Security Group for NAT Instance"
   vpc_id      = var.vpc_id
   tags        = module.nat_instance_label.tags
 }
 
 resource "aws_security_group_rule" "nat_instance_egress" {
-  count             = var.nat_instance_enabled ? 1 : 0
+  count             = local.nat_instance_enabled
   description       = "Allow all egress traffic"
   from_port         = 0
   to_port           = 0
@@ -29,7 +30,7 @@ resource "aws_security_group_rule" "nat_instance_egress" {
 }
 
 resource "aws_security_group_rule" "nat_instance_ingress" {
-  count             = var.nat_instance_enabled ? 1 : 0
+  count             = local.nat_instance_enabled
   description       = "Allow ingress traffic from the VPC CIDR block"
   from_port         = 0
   to_port           = 0
@@ -41,7 +42,7 @@ resource "aws_security_group_rule" "nat_instance_ingress" {
 
 // aws --region us-west-2 ec2 describe-images --owners amazon --filters Name="name",Values="amzn-ami-vpc-nat*" Name="virtualization-type",Values="hvm"
 data "aws_ami" "nat_instance" {
-  count       = var.nat_instance_enabled ? 1 : 0
+  count       = local.nat_instance_enabled
   most_recent = true
 
   filter {
@@ -131,4 +132,3 @@ resource "aws_route" "nat_instance" {
   destination_cidr_block = "0.0.0.0/0"
   depends_on             = [aws_route_table.private]
 }
-
diff --git a/private.tf b/private.tf
@@ -11,16 +11,17 @@ module "private_label" {
 }
 
 locals {
-  private_subnet_count = var.max_subnet_count == 0 ? length(data.aws_availability_zones.available.names) : var.max_subnet_count
+  private_subnet_count        = var.enabled && var.max_subnet_count == 0 ? length(flatten(data.aws_availability_zones.available.*.names)) : var.max_subnet_count
+  private_network_acl_enabled = var.enabled && signum(length(var.private_network_acl_id)) == 0 ? 1 : 0
 }
 
 resource "aws_subnet" "private" {
-  count             = length(var.availability_zones)
-  vpc_id            = data.aws_vpc.default.id
+  count             = local.availability_zones_count
+  vpc_id            = join("", data.aws_vpc.default.*.id)
   availability_zone = element(var.availability_zones, count.index)
 
   cidr_block = cidrsubnet(
-    signum(length(var.cidr_block)) == 1 ? var.cidr_block : data.aws_vpc.default.cidr_block,
+    signum(length(var.cidr_block)) == 1 ? var.cidr_block : join("", data.aws_vpc.default.*.cidr_block),
     ceil(log(local.private_subnet_count * 2, 2)),
     count.index
   )
@@ -48,8 +49,8 @@ resource "aws_subnet" "private" {
 }
 
 resource "aws_route_table" "private" {
-  count  = length(var.availability_zones)
-  vpc_id = data.aws_vpc.default.id
+  count  = local.availability_zones_count
+  vpc_id = join("", data.aws_vpc.default.*.id)
 
   tags = merge(
     module.private_label.tags,
@@ -69,14 +70,13 @@ resource "aws_route_table" "private" {
 }
 
 resource "aws_route_table_association" "private" {
-  count = length(var.availability_zones)
-
+  count          = local.availability_zones_count
   subnet_id      = element(aws_subnet.private.*.id, count.index)
   route_table_id = element(aws_route_table.private.*.id, count.index)
 }
 
 resource "aws_network_acl" "private" {
-  count      = signum(length(var.private_network_acl_id)) == 0 ? 1 : 0
+  count      = local.private_network_acl_enabled
   vpc_id     = var.vpc_id
   subnet_ids = aws_subnet.private.*.id
 
@@ -100,4 +100,3 @@ resource "aws_network_acl" "private" {
 
   tags = module.private_label.tags
 }
-
diff --git a/public.tf b/public.tf
@@ -11,16 +11,19 @@ module "public_label" {
 }
 
 locals {
-  public_subnet_count = var.max_subnet_count == 0 ? length(data.aws_availability_zones.available.names) : var.max_subnet_count
+  public_subnet_count        = var.enabled && var.max_subnet_count == 0 ? length(flatten(data.aws_availability_zones.available.*.names)) : var.max_subnet_count
+  public_route_expr_enabled  = var.enabled && signum(length(var.vpc_default_route_table_id)) == 1
+  public_network_acl_enabled = var.enabled && signum(length(var.public_network_acl_id)) == 0 ? 1 : 0
+  vpc_default_route_table_id = var.enabled ? signum(length(var.vpc_default_route_table_id)) : 0
 }
 
 resource "aws_subnet" "public" {
-  count             = length(var.availability_zones)
-  vpc_id            = data.aws_vpc.default.id
+  count             = local.availability_zones_count
+  vpc_id            = join("", data.aws_vpc.default.*.id)
   availability_zone = element(var.availability_zones, count.index)
 
   cidr_block = cidrsubnet(
-    signum(length(var.cidr_block)) == 1 ? var.cidr_block : data.aws_vpc.default.cidr_block,
+    signum(length(var.cidr_block)) == 1 ? var.cidr_block : join("", data.aws_vpc.default.*.cidr_block),
     ceil(log(local.public_subnet_count * 2, 2)),
     local.public_subnet_count + count.index
   )
@@ -49,33 +52,33 @@ resource "aws_subnet" "public" {
 }
 
 resource "aws_route_table" "public" {
-  count  = signum(length(var.vpc_default_route_table_id)) == 1 ? 0 : 1
-  vpc_id = data.aws_vpc.default.id
+  count  = local.public_route_expr_enabled ? 0 : local.enabled
+  vpc_id = join("", data.aws_vpc.default.*.id)
 
   tags = module.public_label.tags
 }
 
 resource "aws_route" "public" {
-  count                  = signum(length(var.vpc_default_route_table_id)) == 1 ? 0 : 1
+  count                  = local.public_route_expr_enabled ? 0 : local.enabled
   route_table_id         = join("", aws_route_table.public.*.id)
   destination_cidr_block = "0.0.0.0/0"
   gateway_id             = var.igw_id
 }
 
 resource "aws_route_table_association" "public" {
-  count          = signum(length(var.vpc_default_route_table_id)) == 1 ? 0 : length(var.availability_zones)
+  count          = local.public_route_expr_enabled ? 0 : local.availability_zones_count
   subnet_id      = element(aws_subnet.public.*.id, count.index)
   route_table_id = aws_route_table.public[0].id
 }
 
 resource "aws_route_table_association" "public_default" {
-  count          = signum(length(var.vpc_default_route_table_id)) == 1 ? length(var.availability_zones) : 0
+  count          = local.public_route_expr_enabled ? local.availability_zones_count : 0
   subnet_id      = element(aws_subnet.public.*.id, count.index)
   route_table_id = var.vpc_default_route_table_id
 }
 
 resource "aws_network_acl" "public" {
-  count      = signum(length(var.public_network_acl_id)) == 0 ? 1 : 0
+  count      = local.public_network_acl_enabled
   vpc_id     = var.vpc_id
   subnet_ids = aws_subnet.public.*.id
 
@@ -99,4 +102,3 @@ resource "aws_network_acl" "public" {
 
   tags = module.public_label.tags
 }
-
diff --git a/variables.tf b/variables.tf
@@ -1,3 +1,9 @@
+variable "enabled" {
+  type        = bool
+  default     = true
+  description = "Set to false to prevent the module from creating any resources"
+}
+
 variable "subnet_type_tag_key" {
   type        = string
   default     = "cpco.io/subnet/type"